Security verification
When authenticated users attempt sensitive or high-risk actions—such as changing their password, making a payment, or accessing sensitive information like paychecks or bank account details—additional security measures are essential. This flow is especially critical in sensitive applications like banking, healthcare, and government services.
This process, known as security verification, requires users to re-verify their identity to confirm they are the authorized account holder. By implementing security verification, the system reinforces protection against unauthorized access, adding a critical layer of security for high-risk actions and helping safeguard sensitive data.
Implement security verification with the Account API
Remember to enable the Account API first and get the access_token for the user.
Password verification
When users attempt to change their password, the system should prompt them to re-enter their current password to verify their identity. This step ensures that only the authorized account holder can change the password, preventing unauthorized access to the account.
| Method | Path | Description |
|---|---|---|
| POST | /api/verifications/password/verify | Verify current user password. |
Email/SMS one-time code verification
Send a verification code to the user’s email or phone number and prompt them to enter the code to confirm their identity. These endpoints can be used to verify a user’s identity or to confirm ownership of a specific email or phone number. This verification step is highly recommended when a user attempts to link a new email address or phone number to their account, ensuring the authenticity of the information provided.
| Method | Path | Description |
|---|---|---|
| POST | /api/verifications/verification-code | Send email or phone number verification code. |
| POST | /api/verifications/verification-code/verify | Verify email or phone number by verification code. |
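
The password and one-time code flows above, as an added client-side example (not code from this page or from the product's SDK): each helper calls an endpoint from the tables with the user's access_token and runs the sensitive action only if verification succeeds. The `ctx` object, the JSON body field names, and treating any 2xx status as success are assumptions.

```javascript
// Added example. Only the paths and the access_token come from the page;
// body field names and response handling are assumptions.
const PATHS = {
  password: '/api/verifications/password/verify',
  sendCode: '/api/verifications/verification-code',
  verifyCode: '/api/verifications/verification-code/verify',
};

// POST JSON with the user's access_token; any non-2xx status is a failure.
// ctx = { baseUrl, accessToken, fetch } (hypothetical shape; fetch is
// injected so the flow can be exercised without a network).
async function post(ctx, path, body) {
  const res = await ctx.fetch(new URL(path, ctx.baseUrl).href, {
    method: 'POST',
    headers: {
      authorization: `Bearer ${ctx.accessToken}`,
      'content-type': 'application/json',
    },
    body: JSON.stringify(body),
  });
  if (!res.ok) throw new Error(`verification failed: ${path} -> ${res.status}`);
}

// Re-verify with the current password, then run the sensitive action.
// If verification throws, the action is never reached (fail closed).
async function withPasswordVerification(ctx, password, action) {
  await post(ctx, PATHS.password, { password });
  return action();
}

// Step 1 of the one-time code flow: ask the server to send a code to the
// email or phone number described by `identifier` (assumed object shape).
function sendCode(ctx, identifier) {
  return post(ctx, PATHS.sendCode, { identifier });
}

// Step 2: check the code the user typed, then run the sensitive action.
async function withCodeVerification(ctx, identifier, code, action) {
  await post(ctx, PATHS.verifyCode, { identifier, code });
  return action();
}
```

In a browser or recent Node.js, pass the global `fetch` as `ctx.fetch`; keep the sensitive call itself inside the `action` callback so it cannot run ahead of verification.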